Data Loss Prevention (DLP) involves computer and information security, where DLP systems identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage). Typically, a DLP system creates fingerprints of sensitive information that requires protection, and then uses the fingerprints to detect the presence of sensitive information in various files, messages and the like. Sensitive information may be stored in a structured form such as a database, a spreadsheet, etc., and may include, for example, customer, employee, patient or pricing data. In addition, sensitive information may include unstructured data such as design plans, source code, CAD drawings, financial reports, etc.
Many organizations store large amounts of sensitive information in files that are accessible to users within the organization. Since access to this data is essential to the job function of many users within the organization, there are many possibilities for theft or accidental distribution of this sensitive information. Theft or benign inadvertent disclosure of sensitive information represents a significant business risk in terms of the value of the intellectual property and compliance with corporate policies, as well as the legal liabilities related to government regulatory compliance. However, with a large number of files and users, it is difficult to assess which sensitive files present a certain kind of risk or are in a certain stage of remediation.